README.md Docker IDA Run disassembler in containers. Ideal for automating, scaling and distributing the use of IDAPython scripts to perform large-scale reverse engineering tasks. Our blog: Requirements • Machine with Docker installed. • IDA Pro Linux version installation file (.run) and a valid license for running multiple instances. Installation • Clone docker-ida repository: $ git clone • Copy IDA Pro installation file to the repository's ida directory: $ cp docker-ida/ida/ida.run • Build IDA docker image: $ sudo docker build -t ida --build-arg IDA_PASSWORD= docker-ida/ida Note: It is recommended to push the built image to a private Docker Hub repository ().

Otherwise you have to build the image on every machine Start an IDA Service Container IDA service container receives remote IDA commands over HTTP and executes them. To start a container, run this command: $ sudo docker run -v:/shared -p:4000 -it ida -c -t • is a local directory on the host containing the files you want IDA to work with. Scripts, files to disassemble, etc. Note: If you use on Windows, you might experience some issues parsing paths. Use // in the beginning of the paths (see ) • is the port you tell the host you would like to use to connect to the specific docker container. (see ) • is the number of IDA worker processes. This number should be up to 4 workers per core in the host.

Default is 8. • is the server timeout for each request. Default is 30.

Note: In order to run multiple containers on the same host, publish each container to a different host port Usage On The server: • Start two IDA containers as daemon: $ sudo docker run -v /path/to/current/folder/docker-ida/example_volume:/shared -p 4001:4000 -d ida -c 4 $ sudo docker run -v /path/to/current/folder/docker-ida/example_volume:/shared -p 4002:4000 -d ida -c 4 On The client: • Install ida_client Python library: On Windows: $ pip install 'git+On Linux / Mac OS X: $ pip install 'git+Note: pip version must be 8.1.1 or higher • Send commands to the containers using the Python library. >>>import ida_client >>>>>>client = ida_client.Client([ ', ']) >>>>>>client.send_command( 'idal -Sextract_file_functions.py -A zlib.dll.sample ', timeout = 600) True >>>>>>files = [ 'zlib.dll.sample ', 'Win32OpenSSL.sample '] >>>>>># Building list of commands to send at once >>>commands = [ 'idal -Sextract_file_functions.py -A%s '% file for file in files] >>>>>>client.send_multiple_commands(commands, timeout = 600) [ True, True] Advanced Usage • Add additional python libraries to the repository's ida/requirements.txt before building the image. The library is already installed for rapid IDAPython scripting. • For IDA 64 bit files.

Jump to Install for ida 6.5 - Some require PySide as well. To install it on Linux for IDA Pro, see Hexblog, but let's install it locally in idapython instead of / Download PySide 2011/12/30 for IDAPython 1.5+, Python 2.7 (2.6) and Qt 4.8.4 (IDA 6. Eurolive B1800d-pro Manual here. 5), Linux version tar xvfz os_package_pyside_python27_package.tgz. Using IDA Free in Linux. IDA Pro is generally the de-facto standard for any malware analysts I. It looks like any XP SP3 install disk will allow you a 30 day.

>>>client.send_command( 'idal64 -Sida_python_script.py -A sample_x64.exe ', timeout = 600) True • You can use any of the (except for GUI-related switches) Troubleshooting If the script doesn't run correctly: • Examine the log files in the volume /logs/. Each container has a different log file named -ida-service.log • Make sure the IDAPython script is Python 2.7 compatible, Python 3.x is not supported in IDAPython. • Make sure to add Python libraries to the requirements.txt before building the docker image. When requirements.txt changes, the docker image and containers can always be rebuilt.

• Make sure the paths to the IDAPython scripts and files to disassemble in the send command are relative to the volume. Notes • Tested with IDA 6.9 • You are required to read the prior to using this project. • More information on our blog post.

IDA is powerful Debugger/Dis-assembler, you can read more in this The main road block for the installation is that IDA is a 32 bit application and so expects 32 bit libraries. But your system being 64 bit will only have 64 bit libraries and so you have to install the 32 bit variant of the libraries that IDA requires. I will walk you through the install steps. Step 1: Download Download the IDA files[l], of course it's a paid software and you can get only the demo version. Step 2: Unzip Unzip the files and try to run the executable ' idaq' #./idaq and if your Ubuntu is 64 bit something similar may show up./idaq: error while loading shared libraries: libgthread-2.0.so.0: cannot open shared object file: No such file or directory Step 3: Install 32 bit libraries So you have to install the 32 bit libraries, 64 bit version will be already present on your system by default. Find the package that has libgthread-2.0.so.0 # dpkg -S libgthread-2.0.so.0 libglib2.0-0:amd64: /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0 The package name ' libglib2.0-0:amd64' and 32 bit package will be ' libglib2.0-0:i386' And install the package ' libglib2.0-0:i386' #apt-get install libglib2.0-0:i386 Before trying to run IDA again you can find out all the libraries that are not found in the system using the below command #ldd idaq grep found After installing all the missing libraries you can run IDA again [./idaq].